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DETAILED ACTION 

1. Claims 1-15 and 17-32 are pending in the instant application. This office Action is 
sent in response to the Applicant's Amendment filed June 15, 2007. 



Response to Arguments 

2. Applicant's arguments filed June 15, 2007 have been fully considered but they 
are not persuasive. 

The Applicant asserts that the claims, as amended, may be distinguished from 
the applied references because such references fail to teach the newly claimed feature 
of disabling the user logic after the configuration data is loaded onto the configurable 
device. However the Examiner finds that Albrecht teaches such a feature at col. 4 lines 
25-30 where the user logic is write disabled. This reads on denying access in the case 
where a modification to BIOS already in memory is sought by a user. 

The Applicant substantially repeats the arguments made previously that 
Albrecht fails to teach the feature of user logic, and a configurable device. Yet a careful 
review of the cited section of Albrecht, col. 4 lines 25-30, shows that logic in the form of 
an integral flash memory security circuit that controls read and write operations to the 
flash memory was used to teach the user logic. Therefore the cited section does indeed 
read on a reasonably broad interpretation of "user logic". 

The Applicant argues that Albrecht fails to teach a "configurable device", or that 
the previous Office Action failed to explicitly map this feature to the Albrecht reference. 
Yet a review of the rejection of claim 1 for example, shows that such was indeed set 
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forth where col. 3 lines 32-43 was cited to teach this feature. This feature is taught, for 
example, in Albrecht in col. 3 lines 43-60 as well. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

4. Claims 1, 14, 15, 17, 18, 23, and 32 are rejected under 35 U.S.C. 102(b) as 
being clearly anticipated by Albrecht et al. US 5,835,594. 

As for claim 1 , Albrecht teaches a method for controlling use of configuration 
data (abstract: write data, fig. 7: element 306: write data, col. 4 lines 18-21) comprising: 
programming a configurable device using the configuration data provided by a secure 
device (col. 3 lines 32-43: "...creation of an electronic signature and associating it with 
write data..." this reads on configuration data created by a secure device, fig. 7: element 
306: "write data", col. 4 lines 18-21: col. 2 lines 54-55: BIOS updates reads on 
configuration data), the configuration data associated with an intellectual property block 
for implementation using user logic on the configurable device (col. 2 lines 54-56: BOIS 
configuration data is written, this BIOS is implemented on user logic in the form of a 
computer processor: col. 3 lines 47-49), disabling user logic provided for implementation 
of the configuration data after it is loaded onto the configurable device (col. 4 lines 25- 
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30: the FLASH memory is write-disabled); generating a configurable device 
authorization code (col. 2 lines 60-67: a reference digest of the configuration data is 
generated and signed. The digest is later used for authorizing the writing of 
configuration data to FLASH memory: this reads on an authorization code), comparing 
the configurable device authorization code and the secure device authorization code 
(fig. 2 element 120: Comparison Function, col. 2 lines 44-49, col. 3 lines 1-15); and 
enabling the user logic if the configurable device authorization code and the secure 
device authorization code correspond, (col. 3 lines 6-15: If the decrypted reference 
digest and the newly calculated reference digest match, then the FLASH memory is 
write-enabled and a BIOS update can be written). 

As for claim 14, Albrecht teaches a method for controlling use of configuration 
data (abstract: write data, fig. 7: element 306: write data, col. 4 lines 18-21) comprising: 
programming a configurable device using the configuration data provided by a secure 
device (col. 3 lines 32-43: "...creation of an electronic signature and associating it with 
write data..." This reads on configuration data created by a secure device, fig. 7: 
element 306: "write data", col. 4 lines 18-21: col. 2 lines 54-55: BIOS updates reads on 
configuration data), the configuration data associated with an intellectual property block 
for implementation using user logic on the configurable device (col. 2 lines 54-56: BOIS 
configuration data is written, this BIOS is implemented on user logic in the form of a 
computer processor: col. 3 lines 47-49), disabling user logic provided for implementation 
of the configuration data after it is loaded onto the configurable device (col. 4 lines 25- 
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30: the FLASH memory is write disabled); generating a configurable device 
authorization code using the configurable device sequence generator (col. 2 lines 60- 
67: a reference digest of the configuration data is generated and signed. The digest is 
later used for authorizing the writing of configuration data to FLASH memory: this reads 
on an authorization code); generating a first sequence in a secure device sequence 
generator in the secure device (col. 2 lines 43-51 : a reference digest of the write data is 
calculated and signed, the reference digest is later used in an authorization function); 
encrypting the first sequence in an encryptor in the secure device to generate a second 
sequence (fig. 1 element 108: the reference digest is encrypted in the secure device, 
col. 2 lines 43-51, the reference digest is signed, i.e., encrypted under a private key); 
transmitting the second sequence to the decryptor in the configurable device (col. 3 
lines 1-5, fig. 2 element 1 16: Decryption Function: the configurable device decrypts the 
signed reference digest received from the secure device); decrypting the second 
sequence to generate a third sequence (col. 3 lines 1-5, fig. 2 element 116: Decryption 
Function: the configurable device decrypts the signed reference digest received from 
the secure device); comparing the secure device authorization code and the 
configurable device authorization code (col. 3 lines 6-9: the decrypted reference digest 
and the newly calculated reference digest are compared); and enabling the user logic if 
the configurable device authorization code corresponds to the secure device 
authorization code (col. 3 lines 12-14: A secure write function is enabled in the 
configurable device if the comparison is successful). 
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As for claim 15, Albrecht teaches a method for controlling use of configuration 
data (abstract: write data, fig. 7: element 306: write data, col. 4 lines 18-21) comprising: 
programming a configurable device using the configuration data provided by a secure 
device (col. 3 lines 32-43: "...creation of an electronic signature and associating it with 
write data..." This reads on configuration data created by a secure device, fig. 7: 
element 306: "write data", col. 4 lines 18-21: col. 2 lines 54-55: BIOS updates reads on 
configuration data), the configuration data associated with an intellectual property block 
for implementation using user logic on the configurable device (col. 2 lines 54-56: BOIS 
configuration data is written, this BIOS is implemented on user logic in the form of a 
computer processor: col. 3 lines 47-49), disabling user logic provided for implementation 
of the configuration data after it is loaded onto the configurable device (col. 4 lines 25- 
30: the FLASH memory is write disabled and no BIOS update can be written); 
generating a configurable device authorization code using the configurable device 
authorization code generator (col. 2 lines 60-67: a reference digest of the configuration 
data is generated and signed. The digest is later used for authorizing the writing of 
configuration data to FLASH memory: this reads on an authorization code); generating 
a secure device authorization code in a secure device authorization code generator (col. 
2 lines 43-51: a reference digest of the write data is calculated and signed, the 
reference digest is later used in an authorization function); comparing the secure device 
authorization code and the configurable device authorization code (col. 3 lines 6-9: the 
decrypted reference digest and the newly calculated reference digest are compared); 
and enabling the user logic if the configurable device authorization code corresponds to 
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the secure device authorization code (col. 3 lines 12-14: A secure write function is 
enabled in the configurable device if the comparison is successful). 

As for claim 17, the claim is directed towards the apparatus that carries out the 
method of claim 15. Claim 17 recites substantially the same limitations as claim 15 and 
is thereby rejected on the same basis as is that claim. 

As for claim 18, Albrecht teaches the system of Claim 17, and the additional 
steps wherein: the configurable device generator comprises a sequence generator in 
the configurable device (col. 3 lines 1-3: the configurable device generates a new copy 
of the reference digest which reads on a sequence generator); and the secure device 
generator comprises: a sequence generator in the secure device (col. 2 lines 45-51 : the 
secure device generates a reference digest of the write data: this reads on a sequence 
generator); an encryptor coupled to the secure device sequence generator and 
configured to encrypt a first sequence generated by the secure device sequence 
generator to generate a second sequence (col. 2 lines 47-49: the secure device "signs" 
the reference digest by encrypting it under its private key); and a decryptor in the 
configurable device (col. 3 lines 3-7: the configurable device decrypts the signed 
reference digest received from the secure device), the decryptor coupled to the 
encryptor and configured to decrypt the second sequence (col. 3 lines 3-7: the 
configurable device decrypts the signed reference digest received from the secure 
device) to generate a third sequence and to transmit the third sequence as the secure 
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device authorization code to the first input of the comparator (col. 3 lines 3-6: 
"comparison function"). 

As for claim 23, Albrecht teaches the system of claim 17, and the additional steps 
wherein: the configurable device authorization code generator comprises a sequence 
generator in the configurable device (col. 3 lines 1-3: the configurable device generates 
a new reference digest, this reads on a sequence generator); and the secure device 
authorization code generator comprises a sequence generator in the secure device (col. 
2 lines 51-59: a reference digest is generated in the secure device). 

As for claim 32, Albrecht teaches the system of Claim 17, and the additional 
steps wherein: the secure device authorization code generator comprises a sequence 
generator in the secure device configured to generate a first sequence as the secure 
device authorization code (col. 2 lines 51-59); and the configurable device authorization 
code generator comprises: an encryptor in the secure device, the encryptor configured 
to receive and encrypt the first sequence to generate a second sequence (col. 2 lines 
51-59: the secure device generates a reference digest and then encrypts it under a 
private key before sending it to the configurable device); and a decryptor in the 
configurable device, the decryptor configured to receive and decrypt the second 
sequence to generate a third sequence (col. 3 lines 3-7) and to transmit the third 
sequence as the configurable device authorization code to the comparator (col. 3 lines 
3-7). 
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Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 28-31 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Albrecht et al. US 5,835,594, and Shona, US 5,799,085. 

As for claims 28 and 29, Albrecht teaches the system of Claim 17 wherein: the 
configurable device authorization code generator comprises a sequence generator in 
the configurable device configured to generate a first sequence as the configurable 
device authorization code (col. 3 lines 1-3); and the secure device authorization code 
generator comprises: an encryptor in the secure device (col. 2 lines 51-59), a decryptor 
(col. 3 lines 3-6) and a comparator (col. 3 lines 5-9: "comparison function"). However 
Albrecht does not further teach a sequence generator in the configurable device that is 
a pseudo-random number generator, or teach an encryptor in the secure device that is 
configured to receive and encrypt the first sequence to generate a second sequence 
and wherein the configurable then receives and decrypts the second sequence from the 
secure device in order to generate a third sequence and to transmit the third sequence 
as the secure device authorization code to the comparator. However Shona does teach 
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these features (col. 5 lines 15-25). Therefore it would have been obvious to one of 
ordinary skill in the art at the time of the invention to incorporate these features of 
Shona into the system of Albrecht. Motive to make this combination is found, for 
example in col. 1 lines 24-29 of Albrecht, where denial of unauthorized access to secure 
memory is discussed. Use of the terminal authentication challenge-response protocol of 
Shona would increase the difficulty of unauthorized access to secure memory. 

As for claim 30, the combination of Albrecht and Shona does not teach the use of 
an SRAM PLD. However Official Notice may be taken that the use of such memory in a 
PLD is a step that is old and well known in the art. Therefore it would have been 
obvious to one of ordinary skill in the art at the time of the invention to incorporate this 
feature into the system of Albrecht. It would have been advantageous to do so since the 
use of such memory would eliminate the need for continual refreshes in order to keep 
the memory intact. 

As for claim 31 , the combination of Albrecht and Shona does not teach the use of 
an EEPROM PLD. However Official Notice may be taken that the use of such memory 
in a PLD is a step that is old and well known in the art. Therefore it would have been 
obvious to one of ordinary skill in the art at the time of the invention to incorporate this 
feature into the system of Albrecht. It would have been advantageous to do so since the 
use of such memory would allow for rapid updating and long-term storage of the 
configuration data. 
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7. Claims 2-13, 19-22, and 24-27 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Albrecht and Schrenk, US 5,889,266. 

As for claims 2, 10 and 13, Albrecht teaches the method of claim 1 of generating 
a second sequence, and transmitting the second sequence to an encryptor in the 
secure device; encrypting the second sequence to generate a third sequence (col. 2 
lines 60-67: The secure device calculates a reference digest of the write data, reading 
on generation of a first sequence, col. 2 lines 60-67: The secure device encrypts the 
reference digest under a private key to form a signed digest, reading on generation of a 
second sequence); transmitting the third sequence to a decryptor in the configurable 
device; and decrypting the third sequence to generate a fourth sequence (fig. 2 element 
116, col. 3 lines 3-6: The configurable device decrypts the signed reference digest using 
a public key that corresponds to the private key). However Albrecht does not teach the 
additional steps where generating the configurable device authorization code comprises 
generating a first sequence as the configurable device authorization code in a 
pseudo-random number generator in the configurable device; and generating the 
secure device authorization code comprises: generating a second sequence in a 
pseudo-random number generator in the secure device; and wherein the fourth 
sequence is the secure device authorization code. However, Schrenk does teach the 
use of such pseudorandom number generators to calculate a first sequence in a 
configurable device, and generation of an identical pseudorandom number in the secure 
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device (col. 6 lines 64-67, col. 7 lines 1-14). Therefore it would have been obvious to 
one of ordinary skill in the art at the time of the invention to incorporate these features 
into the system of Albrecht. It would have been desirable to do so since this 
authentication of the terminal, in addition to authentication / authorization of the write 
data, would provide an additional layer of security on preventing unauthorized access to 
the configurable device memory. 

As for claims 3, 7, 1 1 , 20 and 25, the combination of Albrecht and Schrenk does 
not teach the use of an SRAM PLD. However Official Notice may be taken that the use 
of such memory in a PLD is a step that is old and well known in the art. Therefore it 
would have been obvious to one of ordinary skill in the art at the time of the invention to 
incorporate this feature into the system of Albrecht. It would have been advantageous to 
do so since the use of such memory would eliminate the need for continual refreshes in 
> order to keep the memory intact. 

As for claims 4, 8, 12, 21 and 26, the combination of Albrecht and Schrenk does 
not teach the use of an EEPROM PLD. However Official Notice may be taken that the 
use of such memory in a PLD is a step that is old and well known in the art. Therefore it 
would have been obvious to one of ordinary skill in the art at the time of the invention to 
incorporate this feature into the system of Albrecht. It would have been advantageous to 
do so since the use of such memory would allow for rapid updating and long-term 
storage of the configuration data. 
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As for claims 5 and 24, Albrecht teaches the method of claims 2 and 17, but not 
the additional steps wherein the pseudo-random number generator in the secure device 
is a duplicate of the pseudo-random number generator in the configurable device and 
both pseudo-random number generators are seeded using the same seed. However, 
Schrenk does teach this feature (col. 6 lines 64-67, col. 7 lines 1-14). Therefore it would 
have been obvious to one of ordinary skill in the art at the time of the invention to 
incorporate these features into the system of Albrecht. It would have been desirable to 
do so since this seeding of identical pseudo-random number generators would allow 
authentication of the secure device (terminal), in addition to authentication / 
authorization of the write data, would provide an additional layer of security on 
preventing unauthorized access to the configurable device memory. 

As for claim 6, Albrecht teaches the method of claim 1 , but not the additional 
steps wherein: generating the configurable device authorization code comprises 
generating a first sequence as the configurable device authorization code in a 
pseudo-random number generator in the configurable device; and generating the 
secure device authorization code comprises generating a second sequence as the 
secure device authorization code in a pseudo-random number generator in the secure 
device. However, Schrenk does teach the use of such pseudorandom number 
generators to calculate a first sequence in a configurable device, and generation of an 
identical pseudorandom number in the secure device (col. 6 lines 64-67, col. 7 lines 1- 
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14). Therefore it would have been obvious to one of ordinary skill in the art at the time of 
the invention to incorporate these features into the system of Albrecht. It would have 
been desirable to do so since this authentication of the terminal, in addition to 
authentication / authorization of the write data, would provide an additional layer of 
security on preventing unauthorized access to the configurable device memory. 

As for claims 9, 19, 22 and 27, Albrecht teaches the method of claims 6 and 18, 
but not the additional steps wherein the pseudo-random number generator in the secure 
device is a duplicate of the pseudo-random number generator in the configurable device 
and both pseudo-random number generators are seeded using the same seed. 
However, Schrenk does teach the use of such identical pseudorandom number 
generators to calculate a first sequence in a configurable device, and generation of an 
identical pseudorandom number in the secure device (col. 6 lines 64-67, col. 7 lines 1- 
14). Therefore it would have been obvious to one of ordinary skill in the art at the time of 
the invention to incorporate these features into the system of Albrecht. It would have 
been desirable to do so since this authentication of the terminal, in addition to 
authentication / authorization of the write data, would provide an additional layer of 
security on preventing unauthorized access to the configurable device memory. 

Conclusion 

8. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paul E. Callahan whose telephone number is (571) 272- 
3869. The examiner can normally be reached on M-F from 9 to 5. 

If attempts to reach the examiner by telephone are unsuccessful, the Examiner's 
supervisor, Emmanuel Moise, can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is: (571) 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
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you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




/Paul Callahan/ 
August 29, 2007 



EMMANUEL L MOISE 
SUPERVISORY PATENT EXAMINER 



